Skip to main content
Business Protection Bulletin


By November 1, 2008No Comments

A salesman is robbed in a parking garage and loses his laptop computer. Hackers unleash a Trojan horse virus that infiltrates the computer network of a large retail store chain. The virus compromises a customer database. An unhappy employee spirits customer records home with him and begins applying for credit under customers’ names. These things can and do happen. They are a technological and public relations nightmare for the businesses involved. They will also likely culminate in lawsuits against the firms for mishandling customer information. Without financial protection against these types of events, a business could very quickly go bankrupt.

The rise of electronic commerce and the use of sophisticated computer networks for storing data have caused the insurance industry to develop products to cover businesses against liability for lost customer information. One such product is the Electronic Data Liability policy, introduced in 2004 and now available in many states. Its purpose is to pay for a firm’s defense when customers sue it for allegedly failing to safeguard their information, and to pay any resulting settlements or judgments against the firm.

The policy covers the firm’s liability for “loss of electronic data” caused by an “electronic data incident.” An “electronic data incident” could be an accident, a negligent act, error or omission, or a series of these.

Some examples of the types of incidents this policy might cover are:

  • The previously mentioned Trojan horse virus that enables hackers to access the customer database.
  • During a power blackout, looters break into an office and take employees’ computers.
  • An employee leaves customer files in the open on her desk at night, allowing cleaning staff to obtain bank account information and social security numbers.

Coverage applies on a “claims made” basis. This means the policy will cover incidents that occurred on or after a specific date stated in the policy (known as the “retroactive date”) and reported to the insurance company during the policy period. For example, assume that a policy has a term of January 1, 2008 to January 1, 2009, and it lists January 1, 2005 as its retroactive date. On September 30, 2008, the firm finds out that hackers broke into its systems in the summer of 2006. It reports the incident to the insurance company that day. The policy would cover this claim because it occurred after the retroactive date. This would not be true if the break-in happened in 2004, before the retroactive date.

To keep the policy’s cost down, it does not cover several types of losses. For example, it does not cover losses caused by theft or unauthorized use of electronic data by past or present employees, temporary workers or volunteers. The policy will not provide coverage for the acts of the previously mentioned disgruntled employee. It also does not cover losses arising out of a firm’s providing “computer products or services.” These include, among other things, installing or repairing computer equipment and software, storing data for others, providing Internet services, and providing communications services to others. It also does not cover acts such as alleged copyright or trademark infringements.

Although the policy covers claims reported during the policy period, it has a special provision to give additional time for reporting. The insurance company will treat claims reported within 30 days after the policy expires as if the policyholder reported them while the policy was in force. For an additional premium, the company might extend the reporting deadline to three years after the policy expires. However, this additional premium can be up to 100% of the original premium.

High-speed computer networks have given modern business opportunities it has never had before. However, those opportunities have come at the cost of higher risks with potentially large consequences. Any firm doing business over the Internet or private networks (that is to say, all firms) should discuss electronic data liability coverage with one of our insurance agents. Call our office today!